[CentOS] OT - has my email domain been hijacked?

Wed Sep 14 20:25:58 UTC 2005
Mike Kercher <mike at CamaroSS.net>

centos-bounces at centos.org <> scribbled on Wednesday, September 14, 2005 2:40
PM:

> Returned mail: User unknown
> Hi List;
> 
> I keep getting emails similar to the text below. I/We own the
> domain dataintellect.com and we have email addresses set up
> however I always see a bogus dataintellect.com email address
> as the sender.
> 
> -or is this simply a random spam email?
> 
> Thanks in advance for any advice...
> 
> 
> =========================================
> 
> 
> From:
> Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
>   To:
> carina_x at dataintellect.com
>   Date:
> Today 13:31:26
> 
>   Spam Status: Spamassassin 0% probability of being spam.
> 
> Full report:
> No, score=0.0 required=5.0 tests=AWL,BAYES_50 autolearn=no
> version=3.0.4 The original message was received at Wed, 14
> Sep 2005 15:31:23 -0400 (EDT) from
> client-201.230.112.161.speedy.net.pe [201.230.112.161]
> 
> 
> *** ATTENTION ***
> 
> Your e-mail is being returned to you because there was a
> problem with its delivery.  The address which was
> undeliverable is listed in the section
> labeled: "----- The following addresses had permanent fatal
> errors -----".
> 
> The reason your mail is being returned to you is listed in the section
> labeled: "----- Transcript of Session Follows -----".
> 
> The line beginning with "<<<" describes the specific reason
> your e-mail could not be delivered.  The next line contains a
> second error message which is a general translation for other
> e-mail servers.
> 
> Please direct further questions regarding this message to
> your e-mail administrator.
> 
> --AOL Postmaster
> 
> 
> 
>    ----- The following addresses had permanent fatal errors
> ----- <acardi at cs.com> <adorablealicia at cs.com>
> <aclaudet at cs.com> <acarter5 at cs.com> <acrader at cs.com>
> 
>    ----- Transcript of session follows ----- ... while
> talking to air-yg01.mail.aol.com.:
>>>> RCPT To:<acrader at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acrader at cs.com>... User unknown
>>>> RCPT To:<acarter5 at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acarter5 at cs.com>... User unknown
>>>> RCPT To:<aclaudet at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <aclaudet at cs.com>... User unknown
>>>> RCPT To:<adorablealicia at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <adorablealicia at cs.com>... User unknown
>>>> RCPT To:<acardi at cs.com>
> <<< 550 MAILBOX NOT FOUND
> 550 <acardi at cs.com>... User unknown
> unnamed
> 
> Received: from  client-201.230.112.161.speedy.net.pe
> (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
> rly-yg02.mx.aol.com (v107.10) with ESMTP id
> MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400
> Received: from mail.strawberrysampler.com ([64.118.71.80]) by
> 201.230.112.161 with ESMTP id 4868741;
>          Wed, 14 Sep 2005 19:21:59 -0100
> Received: (qmail 73986 invoked by uid 5164); Date: Wed, 14
> Sep 2005 19:21:59 -0100
> Date: Wed, 14 Sep 2005 19:21:59 -0100
> Message-ID: <20050914.68664.carina_x at dataintellect.com>
> From: "Men of Focus" <carina_x at dataintellect.com>
> Sender: carina_x at dataintellect.com
> To: acardi at cs.com, adorablealicia at cs.com, aclaudet at cs.com,
> acarter5 at cs.com,
>         acrader at cs.com
> X-Responder-ID: 14
> Subject: Living without concerns!
> Content-Type: text/html; charset="UTF-8"
> X-AOL-IP: 201.230.112.161
> X-AOL-SCOLL-SCORE: 1:2:306687321:10737418
> X-AOL-SCOLL-URL_COUNT: 3
> _______________________________________________

I have to deal with this all the time.  Some spammer or zombie is sending
out emails from @yourdomain.com and there's not much you can do about it.
You might consider adding SPF records to your DNS.  If you have a catch-all
address, you might consider temporarily disabling it.  I also use
milter-sender on my boxen which blocks a BUNCH of these.

Mike
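
The SPF suggestion above, worked through on the headers of the quoted bounce; this is an added example, not part of the original post. It pulls the connecting IP from the topmost Received header and evaluates it against an SPF record. The record (ASSUMED_SPF) and the 192.0.2.0/24 range are constructed assumptions, not the domain's real DNS data, and only the ip4/ip6/all mechanisms are handled.

```python
import ipaddress
import re

# Top of the bounced message's header block, copied from the bounce above and
# re-folded with leading whitespace as it would appear on the wire.
BOUNCED_HEADERS = """\
Received: from  client-201.230.112.161.speedy.net.pe
 (client-201.230.112.161.speedy.net.pe [201.230.112.161]) by
 rly-yg02.mx.aol.com (v107.10) with ESMTP id
 MAILRELAYINYG23-26f43287a8232f; Wed, 14 Sep 2005 15:31:21 -0400
Received: from mail.strawberrysampler.com ([64.118.71.80]) by
 201.230.112.161 with ESMTP id 4868741;
"""

# Constructed policy (assumption, not the domain's real record): legitimate
# mail leaves only from the documentation range 192.0.2.0/24.
ASSUMED_SPF = "v=spf1 ip4:192.0.2.0/24 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(headers: str) -> str:
    """Return the bracketed IP in the topmost Received header, the only hop
    recorded by the receiving server rather than supplied by the sender."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    top = next(h for h in unfolded.splitlines() if h.lower().startswith("received:"))
    return re.search(r"\[([0-9A-Fa-f:.]+)\]", top).group(1)


def spf_result(record: str, ip: str) -> str:
    """Evaluate the ip4/ip6/all subset of SPF; the first matching term wins.
    Mechanisms that need DNS lookups (a, mx, include) are skipped here."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = mech.partition(":")
        if name.lower() == "all":
            return result
        if name.lower() in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return result
    return "neutral"


if __name__ == "__main__":
    ip = connecting_ip(BOUNCED_HEADERS)
    print(ip, spf_result(ASSUMED_SPF, ip))
```

SPF is checked against the envelope sender's domain; the bounce came back to the dataintellect.com address, so that is the domain a receiver enforcing SPF would have looked up for this connection.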